LARTC - May 2006 - Routing based on source address

Hi,

Is it possible to create a routing rule that depends on the source
host/network, besides the target host/network?

E.g. route everything from 192.168.0.x to 10.0.0.1, and route everything
from 192.168.1.x to 10.0.0.1.

TIA

-- 
Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
web: www.askesis.nl

yes,

see my posting at http://mailman.ds9a.nl/pipermail/lartc/2006q2/018843.html
erez.


On 5/31/06, Joost Kraaijeveld <J.Kraaijeveld@askesis.nl>
wrote:
>
> Hi,
>
> Is it possible to create a routing rule that depends on the source
> host/network, besides the target host/network?
>
> E.g. route everything from 192.168.0.x to 10.0.0.1, and route everything
> from 192.168.1.x to 10.0.0.1.
>
> TIA
>
> --
> Groeten,
>
> Joost Kraaijeveld
> Askesis B.V.
> Molukkenstraat 14
> 6524NB Nijmegen
> tel: 024-3888063 / 06-51855277
> fax: 024-3608416
> web: www.askesis.nl
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Joost,

 : Is it possible to create a routing rule that depends on the 
 : source host/network, besides the target host/network?
 : 
 : E.g. route everything from 192.168.0.x to 10.0.0.1, and route 
 : everything from 192.168.1.x to 10.0.0.1.

Yes.  If I understand your question correctly, you have described a 
classic case of policy routing.  Policy routing allows you to use 
packet attributes and meta-attributes other than the destination 
IP/network for route selection.  These documents [0] and [1] are a 
few years old, but everything described still functions this way.

You will want to learn about how to use the routing policy database 
(RPDB) and then you''ll need to create multiple routing tables.  The 
RPDB controls whether and which of the routing tables is selected 
based on things like Type of Service (ToS), source address, 
netfilter mark and/or ingress interface.

And here are two tips:

  A. turn off reverse path filtering [2]
  B. think about the return path of packets, too

Forgetting to account for the return path of packets seems to be a 
commonly encountered problem when implementing policy routing 
solutions.  I suggest the copy_routing_table shell function [3], 
which can be run like this:

  # printf "%s %s\n" 5 provider_b >> /etc/iproute2/rt_tables
  # copy_routing_table provider_b

Now, there''s an exact copy of the main routing table in the routing 
table provider_b (number 5).  Next step is to change the default 
route for that routing table:

  # ip route change default table provider_b via 10.0.0.1
  # ip rule add from 192.168.0.0/24 table provider_b
  # ip rule add from 192.168.1.0/24 table provider_b

Good luck,

-Martin

 [0] http://linux-ip.net/html/routing-rpdb.html
 [1] http://linux-ip.net/html/routing-selection.html
 [2] http://lartc.org/howto/lartc.kernel.html#LARTC.KERNEL.RPF

 [3] function for copying a routing table

     # - - - - - - - - - - -
       copy_routing_table () {
     # - - - - - - - - - - -
     #
     # -- accepts at least one parameter:
     #
     #    $1:  table identifier for the routing table to create
     #    $2:  optional source table identifier
     #
       test "$#" -lt "1"     && return
       DTABLE=$1
     
       test "$#" -gt "1"     &&
STABLE="$2"
       test "$STABLE" = ""   &&
STABLE="main"
     
       ip route flush table $DTABLE
       ip route show table $STABLE | while read ROUTE ; do
           ip route add table $DTABLE $ROUTE
       done
     
     }


-- 
Martin A. Brown
http://linux-ip.net/